Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / 734f144f5d47c9b76562d5b5c705428be0963aec^! / . / lib / neutron_plugins / services / l3
commit734f144f5d47c9b76562d5b5c705428be0963aec[log] [tgz]
authorHenry Gessau <HenryG@gessau.net>Sat Sep 17 19:28:53 2016 -0400
committerHenry Gessau <HenryG@gessau.net>Mon Sep 19 14:18:53 2016 -0400
treec769e410c029c9f91bbe6ee77a0d55384e66954f
parent81d89cf3584a5edadbaa2514305cf5721b29cdff [diff] [blame]
Neutron L3: account for all default routes

Some systems may have more than one default route.
Set up iptables NAT rules on all v4 default route devices.
Accept RAs on all v6 default route devices.

Closes-Bug: #1624773

Change-Id: If58509297497ea33c6c156f083a4394000bd0561

diff --git a/lib/neutron_plugins/services/l3 b/lib/neutron_plugins/services/l3
index 2e96284..09c08e3 100644
--- a/lib/neutron_plugins/services/l3
+++ b/lib/neutron_plugins/services/l3

@@ -88,8 +88,10 @@
 SUBNETPOOL_SIZE_V4=${SUBNETPOOL_SIZE_V4:-24}
 SUBNETPOOL_SIZE_V6=${SUBNETPOOL_SIZE_V6:-64}
 
-default_route_dev=$(ip route | grep ^default | awk '{print $5}')
-die_if_not_set $LINENO default_route_dev "Failure retrieving default route device"
+default_v4_route_devs=$(ip -4 route | grep ^default | awk '{print $5}')
+die_if_not_set $LINENO default_v4_route_devs "Failure retrieving default IPv4 route devices"
+
+default_v6_route_devs=$(ip -6 route | grep ^default | awk '{print $5}')
 
 function _determine_config_l3 {
     local opts="--config-file $NEUTRON_CONF --config-file $Q_L3_CONF_FILE"
@@ -121,7 +123,9 @@
             _move_neutron_addresses_route "$PUBLIC_INTERFACE" "$OVS_PHYSICAL_BRIDGE" False False "inet6"
         fi
     else
-        sudo iptables -t nat -A POSTROUTING -o $default_route_dev -s $FLOATING_RANGE -j MASQUERADE
+        for d in $default_v4_route_devs; do
+            sudo iptables -t nat -A POSTROUTING -o $d -s $FLOATING_RANGE -j MASQUERADE
+        done
     fi
 }
 
@@ -371,11 +375,13 @@
 
     # This logic is specific to using the l3-agent for layer 3
     if is_service_enabled q-l3 || is_service_enabled neutron-l3; then
-        # Ensure IPv6 RAs are accepted on the interface with the default route.
+        # Ensure IPv6 RAs are accepted on interfaces with a default route.
         # This is needed for neutron-based devstack clouds to work in
         # IPv6-only clouds in the gate. Please do not remove this without
         # talking to folks in Infra.
-        sudo sysctl -w net.ipv6.conf.$default_route_dev.accept_ra=2
+        for d in $default_v6_route_devs; do
+            sudo sysctl -w net.ipv6.conf.$d.accept_ra=2
+        done
         # Ensure IPv6 forwarding is enabled on the host
         sudo sysctl -w net.ipv6.conf.all.forwarding=1
         # Configure and enable public bridge